Closing in on Fraudsters by Closing the Loop

Stolen and cloned payment cards already cost the financial industry on the order of $2 billion per year, and the bad guys are getting smarter.

That's why HSBC, the global bank and financial services firm, recently hired data analysis software company SAS to improve its ability to quickly identify payment card fraud. Currently HSBC relies on a variety of fraud detection systems that vary by region and market. George Lennox, senior manager of group credit and risk at London-based HSBC, says these disparate systems don't provide the level of protection that a global system could provide. "We believe in common systems, and we want a fraud detection system that's truly universal."

SAS has been working with HSBC to design software that the company can deploy as a global standard. The software will monitor the appropriate data sources for any given region, score the likelihood an event is fraudulent and trigger actions appropriate for the institution. SAS plans to make this technology available to other clients in the financial services field. The new system will raise the level of defense over conventional fraud detection solutions partly by relying on more data sources. "Today, most fraud management platforms just look at transactions," says Lennox. "We plan to look at the bank relationship, bank balances and customer activity beyond simple point-of-sale transactions."

For example, if the system looks at only a narrow slice of data, a cardholder on vacation buying a handmade rug could trigger an alarm, thereby displeasing the customer.

The new software will be smart enough to know such a purchase isn't likely fraud. "On the other hand," Lennox says, "the purchase of 600 liters of diesel fuel in the Czech Republic might raise a red flag." Stolen cards in Europe often end up in the hands of truck drivers, something the new system will know.

[ THE Q.T. ]
Janet Perna, the venerable general manager of IBM Software's Information Management Group whose purview includes DB2, will leave IBM on August 15th after 31 years of service. One of her colleagues accidentally disclosed news of her departure prematurely.

A chief problem with fraud detection today is that the statistical models used aren't dynamic enough. Statisticians can build models that sift through enormous amounts of data to detect anomalies, but static models will often flag the wrong anomalies and miss the criminal activity. This is why SAS worked with HSBC fraud managers to build models that are constantly updated with feedback from proven fraud cases—in other words, by creating a closed-loop system.

HSBC expects the software development work to be completed in the spring of 2006. Implementation and testing will push deployment into the summer, but it won't go global immediately. Lennox explains that HSBC, like many banks, relies on third-party service providers in various locations around the world to police payment card transactions. "Our goal is to stop relying on third parties and to have a global system in place by 2008."

In addition, HSBC is pushing for a consortium with other financial institutions to stop payment card fraud. "Of course, we're normally in competition with other banks," Lennox explains, "but to the extent that we can cooperate to fight fraud, we would like to do that."

Oracle security patches

Three months after releasing a flawed "Critical Patch Update" for 70 security weaknesses in Oracle databases and app servers, Oracle released a fix. But the "fix" was faulty, too. A separate July Critical Patch Update corrected the April update but had new flaws affecting some versions of the database. Oracle told affected customers to install a newer database.

Troubled Siebel seems unlikely to regain traction in the packaged CRM space, so CEO George Shaheen is staking its future on custom development, with the still incomplete Project Nexus. Shaheen estimates this market is worth almost five times that of packaged CRM. Nexus will have to compete with's Customforce and ERP vendors' CRM modules.

SAP's worldwide Q2 revenue is 16% higher than it was a year ago; 25% higher in the Americas. SAP attributes its exceptional growth to midmarket penetration and its Safe Passage program, which encourages defection from products that Oracle has acquired: chiefly PeopleSoft, J.D. Edwards and Retek applications. SAP's earnings were stellar compared to most software firms.